Krister Johansen 4548b683b7 Introduce a sysctl that modifies the value of PROT_SOCK. ... Add net.ipv4.ip_unprivileged_port_start, which is a per namespace sysctl that denotes the first unprivileged inet port in the namespace. To disable all privileged ports set this to zero. It also checks for overlap with the local port range. The privileged and local range may not overlap. The use case for this change is to allow containerized processes to bind to priviliged ports, but prevent them from ever being allowed to modify their container's network configuration. The latter is accomplished by ensuring that the network namespace is not a child of the user namespace. This modification was needed to allow the container manager to disable a namespace's priviliged port restrictions without exposing control of the network namespace to processes in the user namespace. Signed-off-by: Krister Johansen <kjlx@templeofstupid.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2017-01-24 12:10:51 -05:00
..
ila
netfilter	Replace <asm/uaccess.h> with <linux/uaccess.h> globally	2016-12-24 11:46:01 -08:00
addrconf.c	ipv6: do not send RTM_DELADDR for tentative addresses	2017-01-06 15:39:31 -05:00
addrconf_core.c
addrlabel.c
af_inet6.c	Introduce a sysctl that modifies the value of PROT_SOCK.	2017-01-24 12:10:51 -05:00
ah6.c
anycast.c
calipso.c
datagram.c	Replace <asm/uaccess.h> with <linux/uaccess.h> globally	2016-12-24 11:46:01 -08:00
esp6.c
exthdrs.c	ktime: Get rid of the union	2016-12-25 17:21:22 +01:00
exthdrs_core.c
exthdrs_offload.c
fib6_rules.c
fou6.c
icmp.c	net: for rate-limited ICMP replies save one atomic operation	2017-01-09 15:49:12 -05:00
inet6_connection_sock.c	inet: drop ->bind_conflict	2017-01-18 13:04:28 -05:00
inet6_hashtables.c	inet: collapse ipv4/v6 rcv_saddr_equal functions into one	2017-01-18 13:04:28 -05:00
ip6_checksum.c
ip6_fib.c
ip6_flowlabel.c	Replace <asm/uaccess.h> with <linux/uaccess.h> globally	2016-12-24 11:46:01 -08:00
ip6_gre.c	gre6: Clean up unused struct ipv6_tel_txoption definition	2017-01-20 11:37:01 -05:00
ip6_icmp.c
ip6_input.c
ip6_offload.c	gro: Disable frag0 optimization on IPv6 ext headers	2017-01-10 21:30:33 -05:00
ip6_offload.h
ip6_output.c	ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output	2016-12-29 11:55:17 -05:00
ip6_tunnel.c	ip6_tunnel: Account for tunnel header in tunnel MTU	2017-01-16 13:22:12 -05:00
ip6_udp_tunnel.c
ip6_vti.c	vti6: fix device register to report IFLA_INFO_KIND	2017-01-06 16:09:09 -05:00
ip6mr.c	net: ipv6: remove nowait arg to rt6_fill_node	2017-01-18 15:43:59 -05:00
ipcomp6.c
ipv6_sockglue.c	net: Allow IP_MULTICAST_IF to set index to L3 slave	2016-12-30 15:24:47 -05:00
Kconfig
Makefile
mcast.c	mld: do not remove mld souce list info when set link down	2017-01-16 12:44:59 -05:00
mcast_snoop.c
mip6.c	ktime: Get rid of ktime_equal()	2016-12-25 17:21:23 +01:00
ndisc.c
netfilter.c
output_core.c
ping.c	ipv6: remove unnecessary inet6_sk check	2016-12-29 12:05:49 -05:00
proc.c
protocol.c
raw.c	ipv6: handle -EFAULT from skb_copy_bits	2016-12-23 12:20:39 -05:00
reassembly.c
route.c	net: ipv6: Keep nexthop of multipath route on admin down	2017-01-19 23:38:51 -05:00
seg6.c
seg6_hmac.c	ipv6: add NUMA awareness to seg6_hmac_init_algo()	2017-01-22 16:50:36 -05:00
seg6_iptunnel.c	ipv6: sr: fix several BUGs when preemption is enabled	2017-01-13 12:29:55 -05:00
sit.c	Replace <asm/uaccess.h> with <linux/uaccess.h> globally	2016-12-24 11:46:01 -08:00
syncookies.c	syncookies: use SipHash in place of SHA1	2017-01-09 13:58:57 -05:00
sysctl_net_ipv6.c
tcp_ipv6.c	inet: drop ->bind_conflict	2017-01-18 13:04:28 -05:00
tcpv6_offload.c
tunnel6.c
udp.c	inet: collapse ipv4/v6 rcv_saddr_equal functions into one	2017-01-18 13:04:28 -05:00
udp_impl.h
udp_offload.c
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c